-
Notifications
You must be signed in to change notification settings - Fork 0
160 lines (136 loc) · 5.12 KB
/
planner-appengine-deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
name: "Deploy to Google App Engine"
on:
pull_request:
push:
branches:
- release
workflow_dispatch:
inputs:
production:
description: 'Deploy to production?'
required: true
type: boolean
default: false
jobs:
validate:
name: "🦺 Validation"
uses: TWiStErRob/github-workflows/.github/workflows/validate.yml@1e06403c5d561d70e40109c2701ea3092ca6ded7 # v3
permissions:
contents: read
security-events: write
actions: read
filter:
name: "Detect changes"
if: ${{ github.event_name == 'pull_request' }}
timeout-minutes: 2
permissions:
# actions/checkout
contents: read
# tj-actions/changed-files
pull-requests: read
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
steps:
- name: "Checkout ${{ github.ref }} branch in ${{ github.repository }} repository."
uses: actions/checkout@v4
- name: "Find changes to unrelated paths."
id: changed-files
uses: tj-actions/changed-files@v44
with:
files: |
- 'planner/**'
- '.github/workflows/planner-appengine-deploy.yml'
- '.github/workflows/planner-appengine-delete.yml'
outputs:
relevant-changes-exist: ${{ steps.changed-files.outputs.any_modified == 'true'}}
release:
name: "Release to Google App Engine"
needs:
- validate
- filter
if: ${{ always() && needs.validation.result == 'success' && (needs.filter.result == 'skipped' || needs.filter.outputs.relevant-changes-exist == 'true') }}
timeout-minutes: 10
env:
# Convert input toJSON, because in GitHub Actions: false == null == ''.
# Convert ternary true part toJSON, to make sure || is not trying to interpret it (toJSON(false) -> 'false' will be truthy).
RELEASE_TO_PRODUCTION: ${{ toJSON(inputs.production) == 'null' && toJSON(github.ref == 'refs/heads/release') || inputs.production }}
permissions:
contents: read # This is required for actions/checkout.
# https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#updating-your-actions-for-oidc
id-token: write # This is required for requesting the JWT via google-github-actions/auth.
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
steps:
- name: "Determine Google App Engine version name."
id: name
uses: actions/github-script@v7
env:
INPUT_PROD: ${{ env.RELEASE_TO_PRODUCTION }}
with:
result-encoding: string
script: |
return process.env.INPUT_PROD === 'true'
// Use blank to indicate that this is a release to production and should use automatic naming.
? 'release'
: context.ref
// refs/heads/main from workflow_dispatch and push events.
.replace('refs/heads/', 'br-')
// refs/pull/123/merge from pull_request event.
.replace('refs/pull/', 'pr-')
// ERROR: (gcloud.app.deploy) argument --version/-v: Bad value [...]:
// May only contain lowercase letters, digits, and hyphens.
// Must begin and end with a letter or digit. Must not exceed 63 characters.
.replace(/[^a-z0-9-]/g, '-')
- name: "Checkout ${{ github.ref }} branch in ${{ github.repository }} repository."
uses: actions/checkout@v4
- name: "Set up Java."
uses: actions/setup-java@v4
with:
java-version-file: planner/.java-version
distribution: temurin
- name: "Set up Node."
uses: actions/setup-node@v4
with:
node-version-file: planner/package.json
- name: "Set up NPM 10.x."
# https://github.com/actions/setup-node/issues/324
run: npm install --global npm@10
- name: "Authenticate to Google Cloud."
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ secrets.GAE_WIP }}
service_account: ${{ secrets.GAE_SA }}
- name: "Print tooling versions."
run: |
node -v
npm -v
java -version
gcloud --version
- name: "Build Frontend."
working-directory: planner
run: |
npm install
cd frontend
npm run build:prod
- name: "Build Backend."
working-directory: planner
run: >
./gradlew
:backend:endpoint:jar
- name: "Publish ${{ env.VERSION }} to Google App Engine (production=${{ env.RELEASE_TO_PRODUCTION }})."
working-directory: planner
env:
# Use pre-existing SDK, don't download a new one.
GCLOUD_HOME: /usr/lib/google-cloud-sdk
# Will be propagated to app.yml
NEO4J_URL: ${{ secrets.NEO4J_URL }}
VERSION: ${{ steps.name.outputs.result }}
run: >
./gradlew
:deploy:appengine:appengineDeploy
-Pnet.twisterrob.deploy.replaceLive="${RELEASE_TO_PRODUCTION}"
-Pnet.twisterrob.deploy.versionName="${VERSION}"